1. Field of the Invention
The present invention relates to an encryption method for encrypting a message in communication through the internet or the like using an encryption algorithm, a decryption method, a program for the encryption algorithm for executing the method, and a memory medium for storing the program. Particularly, the present invention relates to a cryptosystem which enhances the encryption strength by grasping a group of data to be handled inside the encryption algorithm as a virtual data space; recognizing a ciphertext generated using the encryption algorithm as a directional component; utilizing the data in the virtual data space designated by the directional component inside the encryption algorithm for making the ciphertext intricate; and utilizing a chaos signal for the encryption algorithm.
2. Description of the Prior Art
The internet is being evolved to an open network system to which not only computers but also portable telephones and general home appliances can be connected. With the internet, electronic commerce and the like are making a rapid progress. The information which is handled in them is personal data, settlement data, and the like, requiring a high confidentiality. Then, to prevent leakage of data, and to protect the users of communication network against an information offense, such as a so-called disguise, various cryptosystems have been practiced. A cryptosystem consists of an encryption system and a decryption system, however, the decryption system can be realized as a system having the same configuration as that of the encryption system, therefore, the following description will be given mainly about the encryption system.
Cryptosystems can be mainly classified by the method of key generation: common key cryptosystem and public-key cryptosystem. The common key cryptosystem is also known as the symmetry cryptosystem, using the same key for both encryption and decryption. On the other hand, the public-key cryptosystem is also referred to as the non-symmetry cryptosystem, using different keys for encryption and decryption. With the common key cryptosystem, the key used for encryption is the same as that for decryption, therefore every time a ciphertext is sent and received, a special key is required, resulting in the control of the keys being complex. In addition, the encryption key can be used for decryption, the key must be sent to the other party secretly to the third party, and the way of sending the key must be carefully selected.
The public-key cryptosystem has eliminated these drawbacks of the common key cryptosystem. The public-key cryptosystem is a cryptosystem which uses a unique algorithm for performing encryption and decryption, and employs the encryption and decryption keys which are different from each other. With this cryptosystem, the disadvantages of the common key cryptosystem, such as complex key control, and difficulty of sending the key with the possibility of leakage being minimized have been overcome. The public-key cryptosystem can be said to be a cryptosystem which adds a special algorithm for generating a public key to the common key cryptosystem. It can be said that this public-key cryptosystem is excellent in convenience as a cryptosystem, and provides a high encryption strength, however, the encryption speed tends to be inevitably slow. For details, refer to [NK97] in the list of reference literature given at the end of this specification.
Cryptosystems can be mainly classified by the method of processing of the data to be encrypted: block cryptosystem and stream cryptosystem. As described in “Cryptograph and Information Security” edited and written by Shigeo Tsujii and Masao Sasahara (published by Shokodo, 1990), the block cryptosystem performs encryption and decryption every relatively long data block of several ten bits or more. If the plaintext block is expressed as M, the key block as K, and the ciphertext block as C, the encryption and decryption can be expressed as follows:
Encryption: C=EK (M)
Decryption: M=DK (C)
On the other hand, the stream cryptosystem is a cryptosystem which encrypts a plaintext by using pseudo-random numbers known as a keystream as the encryption key. With the stream cryptosystem, encryption and decryption are sequentially performed every small data block of 1 bit or a few bits (for example 1 byte). The Vernam cryptosystem is a typical stream cryptosystem. If the symbol series representing the plaintext is M, the symbol series representing the ciphertext block is C, the symbol series representing the random numbers is K, and the operator for the exclusive OR operation is XOR, the Vernam cryptosystem can be expressed as follows:
Encryption: C=M XOR K
Decryption: M=C XOR K
The random number symbol series K in the Vernam cryptosystem corresponds to the key in the block cryptosystem.
Because the block cryptosystem divides the plaintext into fixed lengths for processing, the rule for encryption processing by the encryption algorithm or the like can easily be found out. On the other hand, it is said that, with the stream cryptosystem, the rule for encryption processing is difficult to be found out. However, because the stream cryptosystem encrypts the plaintext with the use of the pseudo-random numbers inside the encryption algorithm, the degree of difficulty in decoding the pseudo-random numbers can have a direct effect on the encryption strength. If a stream cryptography is built by using a pseudo-random number sequence which is cryptologically high in safety, the stream cryptosystem can allow building an encryption system with a high safety strength.
However, any of the conventional pseudo-random number sequences lacks safety, and the insufficient safety of the pseudo-random number sequence is a weak point of the stream cryptosystem, the weak point having not been eliminated. Then, as the cryptosystem, the block cryptosystem has been adopted, and to prevent the rule for encryption processing from being found out, some other technology has been added to the block cryptosystem to develop many cryptosystems which are different from the block cryptosystem used as the basis. For details, refer to [NK97] in the list of reference literature given at the end of this specification.
With a cryptosystem, the balance between the speed of processing the data for encryption and decryption, and the encryption strength is critical. As a popular cryptosystem, DES (Data Encryption Standard) which was adopted by the National Institute of Standards and Technology of the United States in 1977 is available. Belonging to the block cryptosystem, DES is a cryptosystem which has been cryptoanalyzed in the basic technology. At present, it has been developed to 3DES, which repeats the same encryption processing three times for increasing the difficulty of decryption.
As another cryptosystem, the chaos cryptosystem is available. For detailed description of the chaos, refer to [AI90] and [AI00] in the list of reference literature given at the end of this specification. The chaos cryptosystem generates a chaos signal in accordance with a chaos function, and uses this chaos signal to make the ciphertext intricate for enhancing the encryption strength. The chaos cryptosystem utilizes the following characteristics of the chaos function.    {circle around (1)} Sensitivity to initial value (sensitive dependence on initial condition).    {circle around (2)} A property of one way.    {circle around (3)} It has a strange attractor.
The chaos cryptosystem which utilizes these characteristics is said to have a high processing speed, operate with a light program, and be high in encryption strength. As the chaos coating method (the method of accommodating the chaos function in the cryptosystem), the technique which is used with the encryption function in the block cryptosystem, and the technique which is used for generating a keystream in the stream cryptosystem are known.
With the above-mentioned 3DES, the same processing is repetitively performed with the encryption processing speed being sacrificed. In other words, the user of 3DES can only select lowering the encryption processing speed to maintain a desired encryption strength, at present. Any portable telephone, which is capable of performing electronic mail and internet communications, requires to be loaded with a cryptosystem. However, with the computer program for realizing the encryption algorithm for 3DES, the number of program steps is large, and a large memory capacity is required, therefore, 3DES is practically difficult to be loaded in the portable telephone. In addition, the block cryptosystem, such as 3DES, performs encryption processing every fixed length, thus, depending upon the set mode, the ciphertext has a periodicity, and when a file providing a specific pattern, such as image data, is encrypted, the ciphertext is easy to be decrypted, which makes the block cryptosystem, such as 3DES, unsuitable for multi-media.
Because the chaos cryptosystem utilizes the above-mentioned characteristics of the chaos function, it can be said that the chaos cryptosystem is provided with excellent basic characteristics as a cryptosystem. However, among the conventional chaos cryptosystems, the block cryptosystem uses the cut map or the tent map as it is, which has a segment linearity, therefore, if the block cryptosystem is a chaos cryptosystem, the ciphertext is cryptoanalyzed by the difference decoding technique.
Among the chaos cryptosystems, the stream cryptosystem, which uses a chaos signal for generating a keystream, is required to have an improved safety of the keystream as pseudo-random numbers. To meet this requirement, it has been conventionally performed that the key is first used as the initial value or parameter of the chaos function for generating a first chaos signal using the chaos function; then, using the first chaos signal as the initial value or parameter of that chaos function, a second chaos signal is generated; further, using the second chaos signal as the initial value or parameter of that chaos function, a third chaos signal is generated; thus, between the input and the output of the chaos signal generating means (corresponding to the chaos emulator in the present application), the feedback is repeated for increasing the complexity of the chaos signal; and the chaos signal obtained as a result of many times of circulation is used as the keystream. With this conventional keystream generating method, the processing time is increased with the number of times of circulating the chaos signal being increased, and if the circulation is performed many times, but the chaos function is known, the possibility of the ciphertext being decrypted is not completely eliminated.
The stream-chaos cryptosystem is known; with it, to improve the encryption strength of the chaos cryptosystem (stream-chaos cryptosystem) which generates a keystream on the basis of a chaos signal, a plurality of chaos functions are previously provided inside the encryption algorithm, and the chaos function is changed over from one to another on the way of encryption processing. With one method of this cryptosystem, a logic which changes over the chaos function to be used, every specific length of the plaintext (10,000 bytes, for example), is previously incorporated in the encryption logic. With another method, the information for switchover of the chaos function is inserted in the middle of the ciphertext. But, if the chaos function is switched over from one to another every specific length of the plaintext, the characteristics of the ciphertext are changed with the switchover, and this change of the characteristics of the ciphertext may give an opportunity of decryption. On the other hand, if an instruction for changeover of the chaos function is inserted in the middle of the ciphertext, the changeover instruction may give a chance of decryption. Thus, the chaos cryptosystem with which a plurality of chaos functions are provided for switchover of the chaos function has been devised in the intension of improving the encryption strength by making the chaos function difficult to be comprehend, however, whether the switchover is provided by previously incorporating the switchover locations in the encryption logic or inserting the instruction for changeover of the chaos function in the middle of the ciphertext, there is a great possibility of the information for switchover rather causing the encryption strength to be lowered.
With the stream-chaos cryptosystem, which uses the information of the key as the initial value of the chaos function for generating the value of the chaos function in the form of a floating point number as a chaos signal, and generates a keystream on the chaos signal, the chaos signal value varies only in a narrow range in the vicinity of 0 or in the vicinity of 1. If the chaos function value varies only in a narrow range in the vicinity of a particular value, the distribution range of the data in the keystream is extremely narrowed, which results in the data in the ciphertext being distributed in a narrow range, and thus the encryption strength being lowered.
With conventional cryptosystems, the length of the key is fixed. If a key having a length shorter than the predetermined length of the key is input, the data which is lacking is regarded as 0, and on the basis of the data of 0, the decryption of the key is facilitated, resulting in the strength of the key being substantially lowered. If a key having a length exceeding the predetermined length of the key is input, the excess data is not processed, and thus however long a key is used, the encryption strength will not be improved. In other words, with conventional cryptosystems, the encryption strength is fixed, and cannot be freely set by the user. With a cryptosystem providing a greater length of key, the encryption strength is high, but the processing speed is low. Thus, with conventional cryptosystems, the user cannot select the processing speed and the encryption strength as required, because the length of the key is fixed.